PERSONAL DATA

AdobeStock_132920914.jpg

A set of services in the field of personal data protection and compliance with GDPR (General Data Protection Regulation).

The ability of companies to transmit and use information about customers and counterparties in the age of digital transformation of the global and Russian economies and acceleration of business processes has become one of the key factors in business development.

The right approach to handling the data allows not only to systematize and structure business processes related to data analytics, but also to avoid unnecessary administrative burden associated with duplication of functions and rights of different company divisions, and to avoid significant fines for violations of personal data protection legislation.

The laws of various countries increasingly impose stricter requirements for data protection, such as: in Russia, the Federal Law "On Personal Data" and in Europe, the EU General Data Protection Regulation (GDPR). For example, the Russian laws may impose fines of up to 18 million rubles, while the GDPR impose fines of up to 20 million euros, or 4% of the global revenues of a group of companies.

Russian companies should be alert to the fact that compliance with domestic laws does not automatically ensure compliance with the GDPR, since many of the processes and requirements have been introduced by European law for the first time.

HOW WE CAN HELP

Our team will help you to ensure compliance with the regulations not only in the field of personal data protection in Russia but also in cross-border transfer of data to foreign partners, parent companies of the groups.

Our services include:

Evaluating the applicability of GDPR rules

We will analyze the company's business processes, documents and technologies related to the processing of personal data for the applicability of GDPR requirements.

Simplified verification of compliance with FZ-152 "On Personal Data" and/or GDPR

We will conduct a general analysis of the company's business processes, general documents and technologies related to the processing of personal data for compliance with legal requirements. As a result, we will provide you with a report on the deficiencies identified under the relevant categories of requirements.

Personal data audit

In-depth analysis of business processes, document measures and procedures aimed at personal data protection. We will assess personal data processing processes for compliance with the requirements of Federal Law FZ-152 and/or GDPR, identify key risks related to GDPR, and prioritize them for the company. Based on the results of the assessment, we will develop recommendations to address the identified instances of non-compliance.

Optimization of business processes related to the processing of personal data

We will identify ways to reduce the administrative burden and execution of business processes, based on processes and technologies of personal data processing, identified during the survey stage, as well as taking into account the specifics of the company's business.

Support for the processing of personal data

We will provide consulting or subscription support during the execution of employee data processing and protection processes. The service includes one-time or periodic audits of compliance with Federal Law FZ-152 and/or GDPR. In addition, we will help develop an internal audit plan for compliance.

Development of a roadmap to bring processes for the protection of personal data into compliance with GDPR

We will prepare a roadmap with the necessary level of detail, which will describe the next steps to bring the processes of personal data processing into compliance with the requirements of FZ-152 and/or GDPR. At your option, the roadmap may contain an assessment of the timing of the work, the persons responsible, as well as the priority of the recommended activities.

Support in building/transforming business processes in accordance with the requirements of Federal Law FZ-152 and/or GDPR

We will help you both at the initial stage and during the transformation of business processes in accordance with the requirements of Federal Law 152 and/or GDPR. We will organize events to raise employees’ awareness, develop internal documents and contracts with third parties, as well as help to implement changes in the technology of personal data processing.

A set of services can be tailored to your individual order.

Stanislav Boyko

Director Legal and Tax Consulting Department

Moscow
Send Message